Kevin Breen responsibly disclosed a Reflected XSS vulnerability in CapMe. We've improved input validation to address this vulnerability and the following package is now available:
securityonion-capme - 20121213-0ubuntu0securityonion79
These updates should resolve the following issues:
securityonion-capme: improve input validation in functions.php #1767
https://github.com/Security-Onion-Solutions/security-onion/issues/1767
Timeline
2020-05-19 10:13 AM Eastern
Received email from Kevin Breen detailing the Reflected XSS vulnerability.
2020-05-19 10:15 AM Eastern
Acknowledged email.
2020-05-19 10:48 AM Eastern
Sent patch to Kevin for verification.
2020-05-19 12:21 PM Eastern
Received verification from Kevin and began the publishing process.
Thanks
Thanks to Kevin Breen for responsibly disclosing this vulnerability!
Updating
Please see the following page for full update instructions:
https://securityonion.net/docs/Upgrade
Support
Need support? Please see:
https://securityonion.net/docs/Support
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.